Supermicro says external auditors found no evidence of ‘spy chips’

Chipmaker Supermicro says independent auditors found no malicious ‘spy chips’ on its hardware.

In a letter addressed to customers published today (11 December), Supermicro said that an outside investigations company could not find any evidence of any malicious software in its current or older-model motherboards.

Supermicro continues to fight allegations

The investigation itself stems from an explosive report published by Bloomberg Businessweek in October. The report alleged that Chinese spies were able to covertly monitor American servers using secret microchips embedded in motherboards.

Once the story was published, companies that were mentioned in the report, including Amazon, Apple and Supermicro, were swift in their denial of its contents. The US Department of Homeland Security stated it had “no reason to doubt” the statements made by the companies refuting the incendiary report.

A person familiar with the external analysis told Reuters that it had been conducted by global company Nardello & Co and that Supermicro customers could ask for more information on the results of the audit. The auditors also examined software and design files without finding any unauthorised components or signals being sent out.

In the letter, Supermicro executives said: “As we have stated repeatedly since these allegations were reported, no government agency has ever informed us that it has found malicious hardware on our products, no customer has ever informed us that it found malicious hardware on our products, and we have never seen any evidence of malicious hardware on our products.”

No retraction as of yet

The companies have demanded that Bloomberg Businessweek retract the story and Supermicro is said to be reviewing its legal options. Many customers also conducted multiple audits.

Since the report was published, Bloomberg has not published irrefutable evidence that the story is true. The report cites numerous unnamed experts in the US national security space, as well as hardware security professionals, and the publication has not yet backed down in its support of the story.